Network & Security Administrator - Rfx 607

Profile IT Specialist - Network and Security administrator

Required Education and Certification - 
- First-level university degree in Computer Science. Information Technology, Engineering, or related field.
- Cisco Certified Network Associate
- Check Point Certified Security Administrator
- Zscaler Certifications
- Cisco Certified Network Professional
- CISSP - Certified Information Systems Security Professional

Required Skills Set -
- Excellent understanding of routing and switching principles.
- Excellent knowledge of BGP, LISP and VXLAN applied to Software Defined Access.
- Excellent knowledge of SASE / Zero-Trust Network Access (ZTNA) principles.
- Excellent understanding of Remote Access Service and Application Delivery technologies.
- Good working knowledge of the Information Technology Infrastructure Library (ITIL) framework.
- Excellent analytical and problem-solving skills.
- Flexibility and team spirit. Ability to work quickly and accurately under pressure.
- Excellent communication and interpersonal skills and ability to maintain effective working relations in a multi-cultural environment with sensitivity and respect for diversity.
- Competent user of Microsoft Office applications (Word, Excel, Outlook, PowerPoint) and the Internet, with the ability to quickly learn and use new software and information management tools.
- Fluent professional English (spoken and written, CEFR C1+)

Desirable Skills Set -
- Thorough understanding of network security technologies (Check Point, Palo Alto, Cisco ASA, Fortinet)
- Proficient in AWS and Azure cloud networking technologies
- Strong understanding of DNS and DHCP protocols, proficient in Microsoft DHCP and DNS, and experienced with open-source DNS and DHCP software.
- Familiarity with monitoring tools such as Cacti and CheckMK
- Proven ability to create network diagrams (such as using Visio), write technical documentation, or contribute to knowledge bases.
- Fluent professional French (spoken and written, CEFR B2+)

Required Experience -
- At least five years of proven experience supporting enterprise-grade networks (LAN based on Cisco Catalyst Center, WAN based on Cisco FlexVPN, AAA based on Cisco Identity Services Engine).
- At least five years of proven experience supporting enterprise-grade Data Center networks based on Cisco Nexus technology.
- At least three years of relevant professional experience managing Application-Layer Firewall policies on Check Point technology.
- At least one year of relevant work experience implementing and operating Secure Access Service Edge technologies.
- Proven professional experience with Check Point technologies (IDS/IPS, Identity Awareness, Remote Access), Zscaler ZIA/ZPA/ZDX, Radware DDoS technology
- Proven working experience with Ansible, Terraform and Python
- Proven working experience with Microsoft Active Directory and O365.

Context: Additional expertise is required at this stage to augment the Unit’ skill set in the IT networking domain, in order to further streamline operations as well as to provide technical support to project-related decision-making. The resource will work in our IT Networking and Communications unit, reporting directly
to the Unit manager.

Objective of the assignment: The primary responsibility of this role is to provide support for our IT telecommunications infrastructure tier-2 operations and projects. Specifically, the individual will be responsible for the administration of our Campus, Data Center, and Wide Area networks. Additionally, the role includes involvement in the administration of Secure Access Service Edge (SASE) and Zero-Trust Network Access (ZTNA). The applicant shall work in close collaboration with the team responsible for the IT network infrastructure as well as with the Information Security team. Based on the sensitive nature of the role, the success of the incumbent will be dependent upon security clearance of the profile.

Tasks:
(a) Regularly perform tier-2 support duties: work on incidents escalated from tier-1, troubleshoot tier-2 issues, manage technical support escalations towards tier-3:
(b) Manage, monitor, and maintain infrastructure components necessary to the delivery of network transport services (LAN, WAN, and Data Center).
(c) Manage, monitor, and maintain infrastructure components necessary to the delivery of SASE and ZTNA services to the user base.
(d) Manage, monitor, and maintain infrastructure components necessary to the delivery of network security services (Firewall up-to layer7, Intrusion Prevention System, DDoS prevention).
(e) Act as technical focal point for ITIL incident / problem / change management processes.
(f) Provide monthly reports on Key Performance Indicators using standard reporting tools.
(g) Actively contribute to improve accuracy and completeness of existing tier-1 and tier-2 documentation (Standard Operating Procedures, knowledge base).
(h) Analyze ZTNA use-case scenarios and collaborate with Information Security to ensure compliance with Information Security Policies with respect to:
• Data integrity.
• Data confidentiality.
• Secure access to Internal infrastructure and services.

Deliverables:
Become familiar with our IT telecommunications infrastructure environment and identify / plan / deploy / review improvements. More specifically, the applicant is expected to:
a. Within the first month, the candidate shall become familiar with our IT telecommunications network infrastructure environment.
b. Within the first two months, the candidate shall be able to identify and propose improvements on:
• i. Client connectivity profiles.
• ii. Internet Security policies.
• iii. Application delivery.
• iv. Streamlining operations.
c. Within the first three months, the applicant shall present a detailed plan to implement the proposed improvements in production.
d. Within the first four months, the applicant shall deploy the approved changes to the production environment.
e. Within the first six months, the applicant shall review the deployed changes, measure the achieved benefits, and prepare documentation to summarize the outcome of the deployed changes.